Fortify warning on Windows 7 pirates
The new Microsoft operating system has apparently been leaked on to the P2P file-sharing side of the Internet, and application vulnerability specialists Fortify is concerned about the consequences for innocent computer users.
“The early build of Windows 7 is under alpha test with developers,” explained Rob Rachwald, Fortify’s director of product marketing. “Given the low level at which this operating system installs on a PC, we strongly recommend users give this version a very wide berth indeed because of the associated security risks.”
Authentication is impossible
According to Rachwald, unconfirmed reports suggest that Build 7000 of Windows 7 has been downloaded – and almost certainly installed – by “several tens of thousands” of Internet users. “The problem with this version,” added Rachwald, “is that there’s absolutely no way of authenticating that the early build hasn’t been tampered with by a hacker. They may have coded all sorts of malware into the 2.44 gigabytes file.”
Rachwald continued: “Given that PC users over the holiday period have probably had plenty of time on their hands, and quite possibly were gifted a new PC for Christmas, the temptation is there to download and install the pirate version of the new operating system. This is not the right thing to do. Anyone hooking up a PC with the early version of Windows 7 Ultimate to the Internet could find their PC generating malware, hacker and Distributed Denial of Service attacks, as well as e-mail spam, without them being aware of it.”
Rachwald is adamant that this is just for starters. In truth, it’s highly unlikely that any IT security application will protect the new operating system from internally-coded malware, so the fall-out from trying an unofficial version of the new operating system could be quite severe.
For more information on the pirate version of Windows 7 and details about Fortify Software check out the dedicated web links on the right hand panel of this page.
Firms “need to be aware” of VOIP code risks
Fortify has also warned companies using VOIP private branch exchange (PBX) software to be aware that the complex program code involved with Internet telephony can make such systems vulnerable to hacker attacks.
Fortify’s warning comes after the FBI has announced that users of the Asterisk VOIP PBX software should upgrade to the latest edition of the package to avoid a security flaw that allows hackers to dial-through access on their telephone systems.
“The problem facing small business users of VOIP PBX systems is that although the PBX is hooked up to the regular telephone network and a company’s Broadband Internet connection, most firms’ IT security resources do not extend their complete protective envelope around the PBX platform,” suggested Rachwald. “This means that users of VOIP PBX systems who think their telephone system is covered by, for example, a firewall application, can wake up with a nasty surprise on the phone bill front after their PBX system has been compromised.”
According to Rachwald, many VOIP applications are either open source, freeware or shareware, meaning they have not usually undergone code auditing and program vulnerability analysis. That’s not to say that such software isn’t capable of performing the required function. “Far from it,” chipped in Rachwald, “but companies need to be aware of the risks involved and contact a security specialist to see whether their software – or a suitable alternative – has been code verified.”
A growing number of open source applications, such as Asterisk, says Rachwald, are also being hardened and installed on more secure appliances, rather than vanilla PCs.
“In Asterisk’s case, for example, a number of vendors have installed the PBX software on a specialist diskless server that not only increases security levels, but also boosts reliability and call quality. This is clearly a step forward, and may be an option for any company worried about their VOIP PBX security.”
Fortify warning on Windows 7 pirates
The new Microsoft operating system has apparently been leaked on to the P2P file-sharing side of the Internet, and application […]
IFSEC Insider
IFSEC Insider | Security and Fire News and Resources